On Fri, Jun 25, 2004 at 01:44:15PM -0400, Stephen Smalley wrote: > rpm source code appears to be passing the mode as part of the lookup, > so I don't think that is the issue. > > rpm -Uvh --force libselinux*.rpm keeps the correct security context on > /lib/libselinux.so.1 for me, both on a strict policy machine and a > targeted policy machine. rpm is 4.3.2-0.4; I haven't updated to -1 > yet. Could this be an issue with apt? I'm actually using apt-get to install these packages. When I tried using "rpm -Uvh ..." directly, it seemed to set the contexts correctly as you say. However, when I did it with apt-get again, I saw the same problem. Here's some files from the mozilla package with their correct contexts: system_u:object_r:shlib_t /usr/lib/mozilla-1.7/components/libaccessibility.so system_u:object_r:shlib_t /usr/lib/mozilla-1.7/components/libaddrbook.so system_u:object_r:shlib_t /usr/lib/mozilla-1.7/components/libappcomps.so system_u:object_r:shlib_t /usr/lib/mozilla-1.7/components/libautoconfig.so Then I run "apt-get install mozilla", which upgrades mozilla from 1.7-0.3.1 to 1.7-0.3.2. Afterwards, these same files (but from the new version of mozilla) have the following contexts: root:object_r:lib_t /usr/lib/mozilla-1.7/components/libaccessibility.so root:object_r:lib_t /usr/lib/mozilla-1.7/components/libaddrbook.so root:object_r:lib_t /usr/lib/mozilla-1.7/components/libappcomps.so root:object_r:lib_t /usr/lib/mozilla-1.7/components/libautoconfig.so I assumed that apt's behaviour should be the same since it's just using rpm underneath, but maybe there's extra rpm API calls that need to be made by apt when it's running on a SELinux system? This is with apt-0.5.15cnc6-0.fdr.11.2, rpm-4.3.2-0.4. gary